Packages
- apt - Advanced front-end for dpkg
Details
Ansgar Burchardt discovered that APT incorrectly handled InRelease files.
If a remote attacker were able to perform a machine-in-the-middle attack, this
flaw could potentially be used to install altered packages.
This update corrects the issue by disabling InRelease file support
completely. Please note that this update breaks third-party repositories
that provide only a InRelease file and no separate Release and Release.gpg
files. The default Ubuntu repositories do not use InRelease files.
Ansgar Burchardt discovered that APT incorrectly handled InRelease files.
If a remote attacker were able to perform a machine-in-the-middle attack, this
flaw could potentially be used to install altered packages.
This update corrects the issue by disabling InRelease file support
completely. Please note that this update breaks third-party repositories
that provide only a InRelease file and no separate Release and Release.gpg
files. The default Ubuntu repositories do not use InRelease files.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
12.10 quantal | apt – 0.9.7.5ubuntu5.4 | ||
12.04 precise | apt – 0.8.16~exp12ubuntu10.10 | ||
11.10 oneiric | apt – 0.8.16~exp5ubuntu13.7 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.